It avoids init to crash when kernel cmdline contains a string with
spaces inside, like that:
dyndbg="file drivers/usb/core/hub.c +pltf"
(From OE-Core rev: 16bad6260a6a25b2ec25c7eb0dfe526db56f166e)
Signed-off-by: Christophe Guibout <christophe.guibout@st.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88b8b94bd2d052bca29d27bd5cd00eddb0f5999d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent commit added single quotes around the sed regex's. This prevented the
expansion of $default_baudrate in do_install(), and ended up with systemd's'
serial-getty@.service file having a literal $default_baudrate.
This broke the serial console getty service.
serial-getty@.service was getting a line which looked like this:
ExecStart=-/sbin/agetty -8 -L %I $default_baudrate $TERM
Rather than:
ExecStart=-/sbin/agetty -8 -L %I 115200 $TERM
Fixed by repacing the single quotes with double quotes in the sed expressions.
(From OE-Core rev: 1cc94a6b9b6a9d12f782471053448ad9795944bb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 80b721bfa4fe300a2f52f233f44fa2835426d304)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're either hitting rate limiting with freedesktop.org or the
servers have intermittent network connections. Use our own mirror
of these repositories instead.
(Bitbake rev: 18e1957337fd9f06bc673d28dd4f8277321d07bc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a1b7ab5c9d5e64969f5ca0e41c0ac13c723e3761)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For example, if you just run 'bitbake cve-update-db-native' in a clean
build system, |cve_tmp_file| won't exist yet.
(From OE-Core rev: b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd4473f3d8e1c1a587b6de660775e4b46ddc5fad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously CVE_CHECK_DB_FILE / CVE_CHECK_DB_DIR was the same across
multiconfigs which led to a race condition wherein multiple
cve-update-db-native:do_populate_cve_db tasks could attempt to write to
the same sqlite database. This led to the following task failure:
Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_populate_cve_db(d)
0003:
File: '/mnt/data/agent/work/74f119cccb44f133/yocto/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 103, function: do_populate_cve_db
0099: if year == date.today().year:
0100: cve_f.write('CVE database update : %s\n\n' % date.today())
0101:
0102: cve_f.close()
*** 0103: conn.commit()
0104: conn.close()
0105:}
0106:
0107:def initialize_db(c):
Exception: sqlite3.OperationalError: disk I/O error
Use a lockfile to ensure multiple tasks don't step over each other.
(From OE-Core rev: f08604d27ecacfd37bd37bfaf4c76f17b8f65604)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 24e9380643a2ae3fcae193519cb64aedaf682153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
(From OE-Core rev: 4dab2610a35a998ee0bf5309a0b399ee0d54b4a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 859849c7b594d844819ad8c3f7d8325388d94b93)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE is specific to the npm package that can install cmake, so isn't
relevant to our cmake recipe.
(From OE-Core rev: ad11e4a9afea5a4c9dd34a7fa37b82efd61952a4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e74ed809ec4c1f61264ecf5be4bc319e5e07766)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand
the CVE_PRODUCT list to include all the vendors that have been used.
(From OE-Core rev: 3c0029c9cf22b6983020edf9ce2aeb7b326d8c12)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb265122cccea9466405fdd924ad10ce8cda0dec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog
- Fix issue with uintset and number of bytes copied.
- Fix issue with overflow in DHCP lease T2 computation.
- Fix issue with side channel leak in l_ecc_scalar_new.
- Fix issue with missing MSG_MORE in l_cipher_set_iv.
- Add support for DHCP v6 client implementation.
(From OE-Core rev: deb77c59b9c11738a93fc80c1b256b3df8e14827)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ad8ca257d40f5041b3ec167e4117c687da448a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Its possible some patterns may cause problems with the current path
manipulations, make a small tweak to try and avoid potential pathname
overlap issues.
(From OE-Core rev: b90c8e041a9a2daa9472ed37630d8e0fdec18d36)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 889005dc17d3e3b8eadee907ee2c05b8ff613285)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full
build paths are replaced in the environment to avoid breaking buildtools.
(From OE-Core rev: 3be3740d0239f2eb198ccd2b75597cdccbdd1efc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fcd0a9683af1a9155eabbd9056e3b46d4a931b2e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Escaping does not work in my use case. It must be escaped for
python, ssh and shell as well as for different versions of echo.
Let's try it a little less elegant, but hopefully more reliable.
(From OE-Core rev: cdbc9bf63b3e1354800032d0dd530949bafb7032)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5cc1ae332eb6b05d83802c8d64ab2767c7079412)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 97b439469a45a089431ca9c31893288c855045f4 added a fallback
mechanism for getting the rootfs timestamp. However, it uses curly
braces around the variable name, which causes bitbake resolve the
variable reference, rather than the shell, so the git timestamp
never gets used. Fix the reference to restore the intent of
making it a fallback for when there is no git timestamp to
retrieve.
(From OE-Core rev: 21d7ab8ce10f6d6a56875244c09dcfebae457b22)
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fbcf2c1c255b0c61a795c032cf7b67f5db41baa8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have an issue where qemu is being starved of resources on our autobuilders.
We can't raise its priority without special capacilties, therefore add a hook
which if present can allow this to happen using an executable
"~/runqemu-renice".
(From OE-Core rev: 829443b3fafa000e330c06ebb144641bd2d20ad1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 141a3c9ce93bc3d526303021ecf0460c6e9fea8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Depending on nativesdk- varients in a nativesdk build isn't correct, so
just collapse the DEPENDS down and let bitbake do the right thing (which
is leaving them as -native).
(From OE-Core rev: 32902a2763a7557d52bf27f3717b8f9b27275284)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4864167ad4ed4c57e49f2aa5e7c58383bddb052b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The file path checks are passed an ELF object if the file is an ELF. It
doesn't make a lot of sense to load symlinks to ELFs as if they're in
the same package then the real file will be checked too.
This should speed up do_package_qa slightly as libraries won't be
scanned repeatedly.
(From OE-Core rev: 0b6f03752e6581a15e5fb900a8de7aef78709ef6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c63af30d3b6350361daff94a59d4f14d7c5395e1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Convert the installed-tests toggle from simply respecting PTEST_ENABLED
to a PACKAGECONFIG, so that it can be turned on/off in the usual manner.
(From OE-Core rev: 02a1d8edc42961a4d97e6cd8d6e7cc573e1c1486)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 08e61ffae6056055b56f93678bcbb9fd71f3303e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Its becomming clear the upstream server doesn't like this, drop these
two urls from the test, not sure we need them here anyway.
(Bitbake rev: 16774d4d41f2011e8db7d2986a1a701df123dfc1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ab2ef942dc21f9639793c972f2e546edf9444783)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Before this fix, this example basepath (a):
virtual:native:/full/path/to/recipes-example/helloworld/helloworld_1.2.3.bb:do_compile
would get incorrectly "cleaned" into:
helloworld/helloworld_1.2.3.bb:do_compile:virtual:native:/full/path/to/recipes-example/helloworld/helloworld_1.2.3.bb
When searching backwards in `a` trying to isolate the 'virtual:xyz' to add
it to the end of the string, we need to consider `a` still has the recipe
path and taskname. So stoping the rsplit after only 1 split is not enough.
We want to reach the second ':' from the end.
This way, we obtain:
helloworld/helloworld_1.2.3.bb:do_compile:virtual:native
reviewed-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
(Bitbake rev: befc11acd25a9d9a2d44c20a0e33ada740407af7)
Signed-off-by: Jean-Francois Dagenais <jeff.dagenais@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d193d93422a0ad62aa35b5d4ca5da8d422f72180)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Packages with a runtime dependency on a target package whose name is
changed by the PKG_* mechanism must rebuild when that mapping changes,
but we have no way of tracking this today, so
eg. packagegroup-machine-base ends up with a relationship on a
versioned kernel-image, and does not get rebuilt when that version
changes, leading to unsatisfiable dependency and reproducibility
issue.
OTOH there is no reason for the dependency to get rewritten if the
renamed package already has a RPROVIDES on the non-rewritten package
name, and if the dependency relationship is an unversionned one. This
is what this patch prevents.
Note that this may not cover all cases of rewritten package names.
Notably I had to let the rewrite be done in the case of versionned
dependencies, as package managers usually can follow "Provides" in
such case; this includes many dependencies against shared-lib packages
renamed to their soname, and those at least are OK, since the
dependent recipe should explicitly depend on the target recipe.
(From OE-Core rev: 920beaaeef62b558e046f32c8ef0332250969ef1)
(From OE-Core rev: 210ebed1e9c2285d6e457bf03d1f1a1f3ddc7fda)
Signed-off-by: Yann Dirson <yann@blade-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since 'fido', kernel headers are installed in STAGING_KERNEL_BUILDDIR,
not STAGING_KERNEL_DIR. So this message in the linux-libc-headers
recipe is slightly misleading.
(From OE-Core rev: 83b74458783aac5d1d5a3ea8a31ccb79de3719bc)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bdd06f8ed58ed1c4983f8188e98f1a132da91e3d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When failing, give more information about why exactly a failure is
happening such as the PR values in question.
(From OE-Core rev: 86eb281069334020c5fd93ba6fce69c67d7c8056)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bdd3abcc210e8f58b7b411da6bbd9c5314819908)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a package contains hard links to a file, the file size is added for
each hard link instead of once for the file. Therefore, the calculated
size may be much larger than the actual package size.
For example, the mesa-megadriver package contains several hard links to
the same library.
Keep track of the inode numbers when listing the files that are
installed and use the actual size only for the first occurrence of an
inode. All further hard links to the same inode are added to the file
list, but accounted with size 0.
All file names need to be added to the file list, because the list is
used for preserving the files/hard links on the target.
(From OE-Core rev: 85b1e835572d184cfff86a87fced8673d1d40a7c)
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17e92572278980d1a7f06de9d72c68baf57698f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of showing a filename under packages-split, show the package
name and filename inside the package.
(From OE-Core rev: 60b474320e2dd36bff9f0ef5f1dc491cbe734919)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f78fc65bb0c9bff05651d9e543bab3d75998f79)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix gnu-hash-style check that always returned True after commit [1]
leading to false positive presence of "GNU_HASH" in objdump output.
Fixes: 9ff90bf04a4c ("mips: Enable gnu-hash-style on glibc") [1]
(From OE-Core rev: af265eca8c95ba92718b37e62b5b4eeb2f17668c)
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 996010f1b9ca98592e2c87e1adcb0c79b86517b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redirect stderr to stdout when running subcommands while doing the SDK
tests. The tests will show stdout when CalledProcessError is raised,
but any output to stderr was lost.
(From OE-Core rev: cf6cab12ca7ff40ac484cdaf27ea91ed49b901b0)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7cb4e9ab8c1596281060e94a216966060103956e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
While enabling systemd, there is QA issue:
...
|ERROR: sysstat-12.4.0-r0 do_package: QA Issue: sysstat: Files/directories
were installed but not shipped in any package:
| /lib/systemd/system-sleep
| /lib/systemd/system-sleep/sysstat.sleep
...
https://www.freedesktop.org/software/systemd/man/systemd-sleep.html
says the files should be dropped into /usr/lib/systemd/system-sleep
(that would be /lib/systemd/system-sleep in our configuration). By
moving the files to another directory they'll be packaged but not
loaded by systemd.
Suggested-by Ross Burton <ross@burtonini.com>
(From OE-Core rev: 89cb403fce24c853be49e4190d2020c6911b6a31)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3bdd40ea09e50067f11c12290ab465a9ef229fc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
npm changes were merged that require bitbake 1.46.0,
you can't do a recipetool newappend on dunfell otherwise
(From OE-Core rev: 5d8b81fd0f1a25fab6de6e23223e46ec54a8cf66)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
u-boot.inc and busybox.inc contain identical copies of this little
helper. They both inherit the cml1 class and use cml1_do_configure
right after having used this helper, and other recipes that want to
write similar logic for doing Kconfig via fragments will also need it
or something equivalent.
(From OE-Core rev: b0fb7f18f9091db50204ef1ebd5248739ddcd6c2)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af687c9137a3e8efe48afa6fd12866cf656ae913)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is based on the patch from Zhaolong Zhang <zhangzl2013@126.com>
[kernel-yocto: checksum indirect cfg and scc files]
While the recommended manner to share/reuse feature fragments is to
maintain them in a kernel-meta repository and track the changes via the
standard SRCREV fetcher mechanism, that method is not always practical
for small sets of features or for quick testing of changes.
These other flows use .scc files on the SRC_URI. It has been noted that
config fragments or other features indirectly included by those .scc
files will not trigger the kernel meta-data to be re-run and hence a
build can continue with stale data (or not be triggered at all).
To solve this issue, we can collect the directories that are searchable
via FILESEXTRAPATHS and add them to the do_kernel_metadata task
checksum.
This allows modifications, additions and removals from the potential
kernel feature directories to trigger a re-execution of the meta data
task.
(From OE-Core rev: e397859ceac42d926134d5cb7828526d8d649c95)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09f4db415fb6a1398e9e9b359630043c833f6118)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
